CVE-2004-2574 | Vulnerability Database | Aqua Security

NVD

https://nvd.nist.gov/vuln/detail/CVE-2004-2574

CWE

https://cwe.mitre.org/data/definitions/NVD-Other.html

Cross-site scripting (XSS) vulnerability in index.php in phpGroupWare 0.9.14.005 and earlier allows remote attackers to inject arbitrary web script or HTML via the date parameter in a calendar.uicalendar.planner menuaction.

Affected Software

Name	Vendor	Start Version	End Version
Phpgroupware	Phpgroupware	*	0.9.16.005 (including)
Phpgroupware	Phpgroupware	0.9.16.000 (including)	0.9.16.000 (including)
Phpgroupware	Phpgroupware	0.9.16.002 (including)	0.9.16.002 (including)
Phpgroupware	Phpgroupware	0.9.16.003 (including)	0.9.16.003 (including)

References

http://www.osvdb.org/7600
http://www.securityfocus.com/bid/12082
https://savannah.gnu.org/bugs/?func=detailitem\u0026item_id=7478